DPRK IT Workers Built DeFi Protocols, Analyst Warns

06.04.2026 10:12

**North Korean Cyber Talent Linked to Core DeFi Protocol Development**

Recent investigations into the decentralized finance (DeFi) landscape have revealed a startling and concerning connection: a significant number of sophisticated DeFi protocols were, in fact, subtly influenced by skilled information technology professionals originating from the Democratic People’s Republic of Korea (DPRK). A prominent on-chain analyst, known only as Tay, has brought this previously obscured reality to light, sparking considerable debate and prompting a deeper examination of security vulnerabilities within the burgeoning crypto sector.

The revelation began with a seemingly innocuous exchange on the social media platform X, where a user recounted a disconcerting experience during a job interview: encountering an individual suspected of being linked to the Lazarus Group, a notorious hacking collective associated with North Korea. This anecdote triggered further investigation by Tay, who noted that his former employer had nearly recruited a candidate whose background later aligned with information released by Lazarus, a group known for its targeted attacks on cryptocurrency exchanges and DeFi platforms. The candidate, demonstrating impressive technical abilities, progressed through multiple stages of the hiring process, including rigorous technical assessments and video interviews, ultimately withdrawing only when requested to participate in in-person meetings.

Interestingly, Tay observed a strategic shift by the Lazarus Group over time – a move to utilize individuals from outside North Korea to conduct these crucial face-to-face interactions, a tactic designed to evade detection and complicate investigations. This development underscored the evolving sophistication of the DPRK’s cyber operations and their persistent efforts to infiltrate and exploit the global digital economy. The case of Drift Protocol, where a state-sponsored operation spent six months embedded within the development team before orchestrating a significant attack in April, served as a stark reminder of the potential for deep-seated compromise.

Responding to direct inquiries on X, Tay presented a comprehensive list exceeding forty projects, each purportedly benefiting from the involvement of DPRK-linked developers. The list included established names like Sushi, Thorchain, and Yam, alongside newer protocols such as Pickle, Harvest, and Reclaim. Furthermore, it encompassed a diverse range of projects including Swing, Paid, Naos, Shezmu, Qrolli, Saffron, Sifu, Napier, Harmony, Blueberry, Stabble, Onering, Elemental, Divvy, La Token, Impermax, Kira, Cook, Fantom, Ankr, Gamerse, Metaplay, Spice, Beanstalk, DeltaPrime, Magiccraft, Hector, DeSpace, Depo, CreamFi, Shib, Kumainu, Starlink, Yearn, and Floki.

Notably, the inclusion of Fantom and Yearn on this list generated considerable surprise among seasoned observers within the cryptocurrency community. Tay acknowledged that the list was compiled “off the top of their head,” suggesting that the scope of the influence may be even broader than currently understood, highlighting a potentially systemic issue demanding immediate and sustained attention.